About Nessus Plugins

As information about new vulnerabilities is discovered and released into the general public domain, Tenable, Inc.’s research staff designs programs to enable Nessus to detect them.

These programs are named plugins and are written in Nessus' proprietary scripting language, the Nessus Attack Scripting Language (NASL).

Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.

Nessus supports the Common Vulnerability Scoring System (CVSS) and supports both v2 and v3 values simultaneously. If both CVSS2 and CVSS3 attributes are present, both scores are calculated. However, the CVSS2 score currently takes precedence in determining the Risk Factor attribute.
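The precedence rule above has a practical consequence: a finding can carry a lower Risk Factor than its CVSS3 score implies. The following added example (not Tenable code) applies the rule to constructed findings and lists those cases. The score bands, the field names, and the fallback to CVSS3 when no CVSS2 score exists are assumptions, not taken from this page.

```python
# Added example. Score bands below are assumed: the CVSS v3 qualitative scale,
# and for v2 the bands 10.0 Critical, 7.0-9.9 High, 4.0-6.9 Medium, 0.1-3.9 Low.
V2_BANDS = [(10.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
V3_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
ORDER = ["None", "Low", "Medium", "High", "Critical"]


def band(score, bands):
    """Map a base score to a severity label using descending lower bounds."""
    if score is None:
        return None
    for floor, label in bands:
        if score >= floor:
            return label
    return "None"


def risk_factor(cvss2, cvss3):
    """Apply the page's rule: when both scores exist, CVSS2 decides."""
    v2, v3 = band(cvss2, V2_BANDS), band(cvss3, V3_BANDS)
    return v2 if v2 is not None else v3  # fallback to CVSS3 is an assumption


def underrated(findings):
    """Return findings whose CVSS3 severity exceeds the resulting Risk Factor."""
    out = []
    for f in findings:
        rf = risk_factor(f.get("cvss2"), f.get("cvss3"))
        v3 = band(f.get("cvss3"), V3_BANDS)
        if rf and v3 and ORDER.index(v3) > ORDER.index(rf):
            out.append((f["plugin"], rf, v3))
    return out


# Constructed sample findings (hypothetical plugin names and scores).
SAMPLE = [
    {"plugin": "example-rce", "cvss2": 7.5, "cvss3": 9.8},
    {"plugin": "example-info-leak", "cvss2": 5.0, "cvss3": 5.3},
    {"plugin": "example-v3-only", "cvss2": None, "cvss3": 8.1},
    {"plugin": "example-dos", "cvss2": 7.8, "cvss3": 7.5},
]

if __name__ == "__main__":
    for name, rf, v3 in underrated(SAMPLE):
        print(f"{name}: Risk Factor {rf}, CVSS3 severity {v3}")
```

Findings returned by `underrated` are candidates for manual review when triage is driven by Risk Factor alone.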

Plugins are also used to obtain configuration information from authenticated hosts, which can then be audited against security best practices.

To view plugin information, see a list of newest plugins, view all Nessus plugins, and search for specific plugins, see the Nessus Plugins home page.

Example Plugin Information

List of a single host's scan results by plugin severity and plugin name

Details of a single host's plugin scan result

How do I get Nessus Plugins?

By default, plugins are set for automatic updates and Nessus checks for updated components and plugins every 24 hours.

During the Product Registration step in the browser portion of the Nessus installation, Nessus downloads all plugins and compiles them into an internal database.

You can also use the nessuscli fetch --register command to manually download plugins. For more details, see the Command Line section of this guide.

Optionally, during the Registration step in the browser portion of the Nessus installation, you can choose the Custom Settings link and provide the hostname or IP address of a server that hosts your custom plugin feed.

Tip: Plugins are obtained from port 443 of plugins.nessus.org, plugins-customers.nessus.org, or plugins-us.nessus.org.

How do I update Nessus Plugins?

By default, Nessus checks for updated components and plugins every 24 hours. Additionally, you can manually update plugins from the Scanner Settings Page in the user interface.

You can also use the nessuscli update --plugins-only command to manually update plugins.